| |
 |
Meet Compliance Objectives |
 |
Sarbanes Oxley Act (SOX):
Applies to all U.S. public company boards, management, and public accounting firms. Section 404 of SOX requires management within organizations to ensure that appropriate controls are in place to safeguard information presented in significant accounting statements and assertions. This includes assessing risks and controls within the IT environment and fraud risk assessments. These controls need to be evaluated at every period-end of the financial reporting process. The results are presented as a report on the adequacy of internal control over financial reporting.
Risk Monitoring, Risk Mitigation and tight access control mechanisms will help companies in complying with SOX. Securonix Behavior Profiler helps companies in ensuring that the right individuals are accessing the appropriate applications and the actions being taken by individuals are in line with their past behavior and the behavior of their peers. Critical access is monitored closely and a scoreboard is maintained to monitor IT risk.
Health Information Portability and Accountability Act (HIPAA):
The main goal of HIPAA is to ensure individualʼs health information is protected. As such, all individually identifiable health information must be protected and policies and procedures must be implemented to safeguard the use and distribution of this information.
Companies offering health insurance plans, healthcare clearinghouses and healthcare providers are all subject to HIPAA. There has been a tremendous push to make all of the medical records electronic so that it is easier to control access to this information. However, it is not easy to protect electronic data unless the right technologies and processes are put in place.
Securonix Behavior Profiler is designed to assist companies in safeguarding access to critical information by tracking who is accessing this information from activity log files. The creation of behavior profiles for each individual and the detection of anomalous activities can ensure every individual is accessing what they are supposed to access.
Gramm Leach Bliley Act (GLBA):
GLBA compliance is mandatory; whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity. The Financial Privacy Rule, Safeguards Rule and Pretexting Protection Rule are the three components put into place to govern the collection, disclosure, and protection of consumersʼ nonpublic personal information; or personally identifiable information.
GLBA requires the construction and testing of a risk management program on each department handling nonpublic information. Securonix Behavior Profiler creates behavior profiles for each individual that incorporates key characteristics including what they can access within critical applications, how they access it, where do they access it from and what sequence of actions they take within these applications. Any deviation in behavior profiles are instantly flagged and need to be remediated. This novel strategy to monitor and manage risk associated with fraudulent actions ensures that individuals cannot perform rogue actions.
Payment Card Industry (PCI):
The Payment Card Industry (PCI) Data Security Standard details security requirements for members, merchants and service providers that store, process or transmit cardholder data. Merchant or service providers that accept credit cards must validate PCI compliance at least annually. The PCI DSS requires merchants to make their physical and virtual environments secure to ensure protection of cardholder data. Applies to any merchant accepting credit cards as a form of payment. The PCI DSS sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates, such as the need to implement formal and documented security policies and vulnerability-management programs.
Securonix Event Analytics can track all users that have access to credit card information. Security policies are set up for ensuring that the right set of individuals are accessing credit card information. Any violation of the security policy is instantly captured and the appropriate individuals are alerted.
Securonix Behavior Profiler creates behavior profiles for individuals based on their activity log history. These behavior profiles are validated against the userʼs peers to ensure integrity of the user behavior profiles. If the Behavior Profile created for a user does not allow them to access credit card information and the user tries to access this information, an alert is instantly raised for security professionals to investigate.
|
Enhance Information Security: |
|
Protecting critical information and IT assets is a key focus for most C level executives. The threat faced by companies today is unprecedented and the stakes are higher then ever before. Organizations donʼt see security as simply a task to achieve compliance goals. Organizations
are losing millions and sometimes billions of dollars to fraudulent actions by their disgruntled
employees or rogue individuals outside the company. The goodwill, prestige and trust lost by customers on organizations that can not protect their private information can cost a lot more if companies do not put a strong security program in place.
In this environment, Securonix products provide a holistic software solution to automate and enhance the security moat around the organizations Information Technology asset. The innovative technique adopted by Securonix Behavior Profiler and Securonix Event and Risk Analyzer ensures that organizations can focus on the most critical aspect of securing critical information.
It is very important for companies to track who is accessing what IT assets and what they are doing within those assets. It is equally important to ensure that the actions taken by individuals in those IT assets align with the organizations security policies. Securonix Identity Matcher correlates user activities with a single user identifier to provide a centralized view of who is doing what within the organization.
After placing the basic building blocks of security using Securonix Identity Matcher, organizations can truly harvest the automation and intelligence within Securonix Behavior Profiler product. Securonix Behavior Profiler creates Behavior Profiles for each individual and each Peer Group based on several key characteristics of that individualʼs activity pattern. An innovative SmartRank algorithm ranks the suspiciousness of each activity based on the weighted deviation from these behavior profiles. Security professionals can focus on the most risky transactions happening in the organization.
Real time fraud detection and prevention requires constant monitoring of all activities across all critical assets. However, it is unrealistic to have security professionals analyzing every activity at all times. We have build Securonix Event and Risk Analyzer to provide the automation and versatility needed to mimic security professional actions. Securonix Event and Risk Analyzer mines the intelligence in expert security professional actions to build adaptive anomaly detection rules. These rules are run on activity log files in real times to detect any anomalous action.
This innovative methodology for securing access will help organizations ensure that the appropriate individuals are accessing their critical assets and that the actions these individuals take within critical assets are in line with what the user normally does and what the their peers normally do.
|
Increase operational Efficiency and Reduce Costs: |
|
Information Security costs as a percentage of total IT spending is rising every quarter. These estimated information security costs do not include periphery information security expenditure in IT audits and IT operations. The majority of this spending is on software/hardware cost and maintenance, personnel, implementation and support activities.
Our aim is to ensure that organizations can utilize their skilled personnel better and provide a one-stop security solution that will eliminate the need for buying and maintaining multiple products to secure access to their applications, databases and systems.
|
Optimize Resource Allocation: |
|
Having the right information at the right time and place is the key to gain competitive advantages in the industry. However, this information is not easy to come by. System, Application and database log files have a tremendous amount of information about what people are doing in your enterprise. Extracting the right set of data and making it into actionable information can be a daunting task.
Securonix software products are designed to provide the right set of individuals the information they need to make informed decisions. We can provide information about your most used assets, peak times, products that sparked the most interest, user inactivity time, network segments least used and a lot of other interesting facts that can help you run your business more efficiently.
|
